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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 28 July 2005 appealing from the Office action mailed 
21 March 2005. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is incorrect. A correct 
statement of the status of the claims is as follows: 

Claims 1-80 are pending in the application. Claims 1-24, 26-71, and 73-80 stand fully 
rejected under 35 U.S.C 102(e) as being anticipated by Gennaro (U.S. Patent No. 6,3 17,834). 
Claims 25 and 72 stand finally rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gennaro in view of Huang (U.S. Patent No. 5,856,789). 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 
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(8) Evidence Relied Upon 



6,317,834 



GENNARO 



11-2001 



5,856,789 



HUANG 



1-1999 



(9) Grounds of Rejection 



The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC §102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. 

Claims 1-24, 26-71, 73-80 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Gennaro, U.S. Patent No. 6,317,834. Referring to claims 1-4, 8-12, 14-16, 21-24, 26, 28-31, 32, 
35, 36, 39-47, 50-62, 65, 66, 68-71, 73, 75-80, Gennaro discloses a biometric authentication 
system wherein biometric information in the form of fingerprints, voice pattern, retinal pattern, 
iris scans, and signatures (Col. 1, lines 35-39) are captured along with personal information 
unique to each individual (Col. 1, lines 62-67 & Col. 2, lines 32-34), which meets the limitation 
of receiving biometric data. The biometric data is then encrypted with random data (Col. 2, lines 
1-5, 27-3 1), which meets the limitation of receiving a nonce, and encrypting the biometric data 
using the nonce and to transmit only encrypted biometric data and the nonce. The encrypted 
biometric information is then stored along with the random data in a biometric database (Col. 2, 
lines 45-57). The system is also capable of decrypting the biometric data (Col. 3, lines 4-19), 
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which meets the limitation of the master device decrypting the encrypted biometric data. 
Gennaro discloses the user inputting personal information as a response to random challenge 
questions (Col. 2, lines 28-34). The personal information meets the limitation of a secret. These 
responses are used in a computing environment to calculate data and would therefore be stored in 
some fashion. Since Applicant's claim requires only "to store the secret", the limitation is meet 
because non-volatile and volatile storage alike would meet this limitation. Therefore, these 
responses being received into a computing environment would require them to be at least 
temporarily stored within a memory or a cache of some variety in order for them be used within 
the computing environment. The responses can then be used to generate an encryption key and 
encrypt the biometric data (Col. 2, lines 34-47), which meets the limitation of encrypting the 
biometric data using the secret, transmitting at least an indication of the secret with the biometric 
data, and transmitting only the encrypted biometric data and the nonce. 

Referring to claims 5, 18, 33, 48, 63, Gennaro discloses that the random data and the 
responses, which act as the secret, are used to generate the encryption key that encrypts the 
biometric data (Col. 2, lines 27-47), which meets the limitation of encrypting the biometric data 
using the secret and the nonce. 

Referring to claims 6, 13, 19, 27, 34, 37, 49, 64, 67, 74, Gennaro discloses that one of the 
responses could be a telephone number (Col. 9, lines 10-12), which meets the limitation of a 
globally unique identifier that is used, along with the secret and the nonce (addressed above), to 
encrypt biometric data. 

Referring to claims 7, 20, Gennaro discloses acquiring a personal identifier (Col. 2, line 
9), which would meet the limitation of the secret comprising a GUID. 
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Referring to claims 16, 17, 35, 38, 46, 50, 61, 65, Gennaro discloses that in order to 
authenticate a biometric record the user provides the system with a personal identifier, which 
meets the limitation of a GUID or secret, and a biometric sample that corresponds to the 
biometric record that is being authenticated (Col. 4, lines 41-56), 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3 . Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

Claims 25, 72 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gennaro, 
U.S. Patent No. 6,317,834, in view of Huang, U.S. Patent No. 5,856,789. Referring to claims 25, 
72, Gennaro discloses a biometric authentication system wherein biometric information in the 
form of fingerprints, voice pattern, retinal pattern, iris scans, and signatures (Col. 1, lines 35-39) 
is captured along with personal information unique to each individual (Col. 1, lines 62-67 & Col. 
2, lines 32-34), which meets the limitation of receiving biometric data. The biometric data is then 
encrypted with random data (Col. 2, lines 1-5, 27-31), which meets the limitation of receiving a 
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nonce, and encrypting the biometric data using the nonce and to transmit only encrypted 
biometric data and the nonce. The encrypted biometric information is then stored along with the 
random data in a biometric database (Col. 2, lines 45-57). The biometric information can also be 
encrypted using a key generated from password information (Col. 1, line 67 - Col. 2, line 2), 
which meets the limitation of receiving a secret, and encrypting the biometric data using only the 
secret. Gennaro does not disclose that the system utilizes a processor, north bridge, and south 
bridge, Huang discloses a computer system containing a processor, north bridge, and south 
bridge (Col. 2, lines 63-67). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to use a computer system configuration of Huang in the biometric 
authentication system of Gennaro because Huang discloses that disclosed computer system 
configuration is state of the art (Col. 2, line 63). 
(10) Response to Argument 

Applicant's arguments filed 28 July 2005 have been fully considered but are not 
persuasive. Applicant argues that Gennaro does not disclose a nonce, which is not persuasive 
because Gennaro discloses that biometric data is encrypted with an encryption key generated 
from a random combination of answers provided by the individual during a challenge/response 
session (Col. 2, lines 27-3 1). After an authentication attempt a new challenge list is randomly 
generated to create the next encryption key (Col. 3, lines 15-19). This meets Applicant's 
definition of a nonce because new random challenges are generated each time, and would 
therefore be a "used a single time". Applicant pointed to page 35, lines 16-21, to define a nonce 
and the recitation states : 
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"One use of the monotonic counters 43 5 A and 43 5B is a source for a nonce. Each nonce 
must be different. Differences may be predictable or unpredictable. Nonces may be used to help 
prevent replay attacks. When a message is encrypted, changing even one bit changes the 
encrypted message. Any strong encryption method distributes even one-bit change extensively. 
A nonce may be used in a challenge-response method, such as described below." 

The above-mentioned recitation of Gennaro meets Applicant's definition because new 
randomly generated challenges are generated (Col. 3, lines 15-20) and the challenges can be 
prompting the user for personal information such as a zip code, telephone number, or birth date 
(Col. 9, lines 7-1 1). Therefore, Gennaro's challenges are changed even one-bit and used in a 
challenge response method. 

Applicant argues that Gennaro does not disclose authenticating biometric data using a 
random number is not persuasive because Gennaro using the randomly generated key to decrypt 
a stored biometric sample and if the decryption is unsuccessful, the individual cannot be verified 
and his or her authorization status will be declared as "failed", thereby terminating the 
verification session (Col. 7, lines 31-35). Therefore, Applicant's argument that decryption is not 
the same operation as authentication is not persuasive because in the system of Gennaro, 
decryption is effectively used for authentication. 

Applicant's arguments with respect to the combination of Gennaro in view of Huang are 
identical to the previous arguments about Applicant's definition of a nonce, and have been fully 
addressed above. 

(11) Related Proceeding(s) Appendix 
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No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

This examiner's answer contains a new ground of rejection set forth in section (9) above. 
Accordingly, appellant must within TWO MONTHS from the date of this answer exercise one 
of the following two options to avoid sua sponte dismissal of the appeal as to the claims subject 
to the new ground of rejection: 

(1) Reopen prosecution. Request that prosecution be reopened before the primary 
examiner by filing a reply under 37 CFR 1.111 with or without amendment, affidavit or other 
evidence. Any amendment, affidavit or other evidence must be relevant to the new grounds of 
rejection. A request that complies with 37 CFR 41 .39(b)(1) will be entered and considered. Any 
request that prosecution be reopened will be treated as a request to withdraw the appeal. 

(2) Maintain appeal. Request that the appeal be maintained by filing a reply brief as set 
forth in 37 CFR 41 .41 . Such a reply brief must address each new ground of rejection as set forth 
in 37 CFR 41.37(c)(l)(vii) and should be in compliance with the other requirements of 37 CFR 
41.37(c). If a reply brief filed pursuant to 37 CFR 41.39(b)(2) is accompanied by any 
amendment, affidavit or other evidence, it shall be treated as a request that prosecution be 
reopened before the primary examiner under 37 CFR 41.39(b)(1). 

Extensions of time under 37 CFR 1 .136(a) are not applicable to the TWO MONTH time 
period set forth above. See 37 CFR 1 . 1 36(b) for extensions of time to reply for patent 
applications and 37 CFR 1 .550(c) for extensions of time to reply for ex parte reexamination 
proceedings. 
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Respectfully submitted, 
Benjamin^. Lanier 




A Technology Center Director or designee must personally approve the new 
ground(s) of rejection set forth in section (9) above by signing below: 



Conferees: 
Gilberto Barron 
Matthew Smithers 






